Reject duplicate -addext parameters

#include <stdlib.h>

#include <time.h>

#include <string.h>

#include <ctype.h>

#include "apps.h"

#include "progs.h"

#include <openssl/bio.h>

#include <openssl/objects.h>

#include <openssl/pem.h>

#include <openssl/bn.h>

#include <openssl/bn.h>

#include <openssl/lhash.h>

#ifndef OPENSSL_NO_RSA

# include <openssl/rsa.h>

#endif

    {NULL}

};

/*

 * An LHASH of strings, where each string is an extension name.

 */

static unsigned long ext_name_hash(const OPENSSL_STRING *a)

{

    return OPENSSL_LH_strhash((const char *)a);

}

static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)

{

    return strcmp((const char *)a, (const char *)b);

}

static void exts_cleanup(OPENSSL_STRING *x)

{

    OPENSSL_free((char *)x);

}

/*

 * Is the |kv| key already duplicated?  This is remarkably tricky to get

 * right.  Return 0 if unique, -1 on runtime error; 1 if found or a syntax

 * error.

 */

static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)

{

    char *p;

    /* Check syntax. */

    if (strchr(kv, '=') == NULL)

        return 1;

    /* Skip leading whitespace, make a copy. */

    while (*kv && isspace(*kv))

        if (*++kv == '\0')

            return 1;

    if ((kv = OPENSSL_strdup(kv)) == NULL)

        return -1;

    /* Skip trailing space before the equal sign. */

    for (p = strchr(kv, '='); p > kv; --p)

        if (p[-1] != ' ' && p[-1] != '\t')

            break;

    if (p == kv) {

        OPENSSL_free(kv);

        return 1;

    }

    *p = '\0';

    /* Finally have a clean "key"; see if it's there. */

    if (lh_OPENSSL_STRING_retrieve(addexts, (OPENSSL_STRING*)kv) != NULL) {

        BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv);

        OPENSSL_free(kv);

        return 1;

    }

    /* Not found; add it. */

    if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL)

        return -1;

    return 0;

}

int req_main(int argc, char **argv)

{

    ASN1_INTEGER *serial = NULL;

    EVP_PKEY *pkey = NULL;

    EVP_PKEY_CTX *genctx = NULL;

    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;

    LHASH_OF(OPENSSL_STRING) *addexts = NULL;

    X509 *x509ss = NULL;

    X509_REQ *req = NULL;

    const EVP_CIPHER *cipher = NULL;

            multirdn = 1;

            break;

        case OPT_ADDEXT:

            if (addext_bio == NULL) {

            p = opt_arg();

            if (addexts == NULL) {

                addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp);

                addext_bio = BIO_new(BIO_s_mem());

                if (addexts == NULL || addext_bio == NULL)

                    goto end;

            }

            if (addext_bio == NULL

                || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)

            i = duplicated(addexts, p);

            if (i == 1)

                goto opthelp;

            if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)

                goto end;

            break;

        case OPT_EXTENSIONS:

    EVP_PKEY_CTX_free(genctx);

    sk_OPENSSL_STRING_free(pkeyopts);

    sk_OPENSSL_STRING_free(sigopts);

    lh_OPENSSL_STRING_doall(addexts, exts_cleanup);

    lh_OPENSSL_STRING_free(addexts);

#ifndef OPENSSL_NO_ENGINE

    ENGINE_free(gen_eng);

#endif

setup("test_req");

plan tests => 4;

plan tests => 8;

require_ok(srctop_file('test','recipes','tconversion.pl'));

open RND, ">>", ".rnd";

print RND "string to make the random number generator think it has randomness";

close RND;

# Check for duplicate -addext parameters

my $val = "subjectAltName=DNS:example.com";

my $val2 = " " . $val;

my $val3 = $val;

$val3 =~ s/=/    =/;

ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val])));

ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2])));

ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3])));

ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3])));

subtest "generating certificate requests" => sub {

    my @req_new;

    if (disabled("rsa")) {